Deployment |
Parameter conveys the VM resource profile. For an on-premise installation, choose Crosswork On-Premise.
|
|
Host Information |
|
Description |
A detailed description of the Data Gateway.
|
|
Label |
Label used by Cisco Crosswork to categorize and group multiple Data Gateway VMs.
|
|
AllowRFC8190 |
Choose how to validate interface addresses that fall in a usable RFC 8190 range. Options are: Yes, No, or Ask, where the initial configuration script prompts for confirmation.
The default value is Yes to automatically allow interface addresses in an RFC 8190 range.
|
|
DGCertKey |
SCP URI to private key file for session key signing. You can retrieve this using SCP (user@host:path/to/file).
|
Cisco Crosswork uses self-signed certificates for handshake with Crosswork Data Gateway. These certificates are generated at installation.
However, if you want to use third party or your own certificate files, then enter these parameters.
Certificate chains override any preset or generated certificates in the Data Gateway VM and are given as an SCP URI (user:host:/path/to/file). The host with the URI files must be reachable on the network (from the vNIC0 interface via SCP) and the files must be present at the time of install.
|
DGCertChainPwd |
Passphrase of the SCP user to retrieve the Crosswork Data Gateway PEM formatted certificate file and private key.
|
DGAppdataDisk |
Indicates the size in GB of a second data disk. The default value of this parameter in each profile is:
- 20 GB for Standard.
- 520 GB for Extended.
Do not change the default value without consulting a Cisco representative.
|
|
HANetworkMode
|
Indicates the mode for the high-availability network.
Options are:
The default value is L2.
|
|
Passphrase |
dg-adminPassword |
The password you have chosen for the dg-admin user.
Password must be 8–64 characters.
|
|
dg-operPassword |
The password you have chosen for the dg-oper user.
Password must be 8–64 characters.
|
NicDefaultGateway
|
The interface used as the default Data Gateway for processing the DNS and NTP traffic.
Options are eth0, eth1, or eth2. The default value is eth0.
|
For information on the type of roles that you must assign to the vNICs, see Table 3.
|
NicAdministration
|
The interface used to access the VM through the SSH access.
Options are eth0, eth1, or eth2. The default value is eth0.
|
NicExternalLogging
|
The interface used to send logs to an external logging server.
Options are eth0, eth1, or eth2. The default value is eth0.
|
NicManagement
|
The interface used to send the enrollment and other management traffic.
Options are eth0, eth1, or eth2. The default value is eth0.
|
NicControl
|
The interface used to send the destination, device, and collection configuration.
Options are eth0, eth1, or eth2. The default value is eth1.
|
NicNBSystemData
|
The interface used to send collection data to the system destination.
As the system destinations share the same IP as the interface that allows connection to the collection service, the northbound
data for system destinations uses the Control role's interface.
Options are eth0, eth1, eth2, or eth3.
|
NicNBExternalData
|
The interface used to send the collection data to the external destinations configured by the user.
Options are eth0, eth1, or eth2.
In a 2-NIC deployment, the default interface is eth1; in a 3-NIC deployment, it is eth2.
|
NicSBData
|
The interface used to collect data from the devices.
If the interface only has the NicSBData role, it doesn't need an IP during the deployment.
Options are eth0, eth1, or eth2. The default value is eth2.
|
vNIC IPv4 address1
|
Vnic0IPv4Method
Vnic1IPv4Method
Vnic2IPv4Method
|
Method in which the interface is assigned an IPv4 address: None or Static.
The default value is None.
|
- If you're using IPv4, change the value from none to static, then configure these fields:
  - vNIC IPv4 Address
  - vNIC IPv4 Netmask
  - vNIC IPv4 Skip Gateway
  - vNIC IPv4 Gateway
- If you are using IPv6, leave the value set to none and retain the default IPv4 settings.
|
Vnic0IPv4Address
Vnic1IPv4Address
Vnic2IPv4Address
|
IPv4 address of the interface.
|
Vnic0IPv4Netmask
Vnic1IPv4Netmask
Vnic2IPv4Netmask
|
IPv4 netmask of the interface in dotted quad format.
|
Vnic0IPv4SkipGateway
Vnic1IPv4SkipGateway
Vnic2IPv4SkipGateway
|
The default value is False.
Setting this to True skips configuring a gateway.
|
Vnic0IPv4Gateway
Vnic1IPv4Gateway
Vnic2IPv4Gateway
|
IPv4 address of the vNIC gateway.
|
vNIC IPv6 address 2
|
Vnic0IPv6Method
Vnic1IPv6Method
Vnic2IPv6Method
|
Method in which the vNIC interface is assigned an IPv6 address: None, Static, or SLAAC.
The default value is None.
|
If you're using IPv6, change the value from none to static, then configure these fields:
- vNIC IPv6 Address
- vNIC IPv6 Netmask
- vNIC IPv6 Skip Gateway
- vNIC IPv6 Gateway
|
Vnic0IPv6Address
Vnic1IPv6Address
Vnic2IPv6Address
|
IPv6 address of the interface.
|
Vnic0IPv6Netmask
Vnic1IPv6Netmask
Vnic2IPv6Netmask
|
IPv6 prefix of the interface.
|
Vnic0IPv6SkipGateway
Vnic1IPv6SkipGateway
Vnic2IPv6SkipGateway
|
Options are True or False.
Selecting True skips configuring a gateway.
|
Vnic0IPv6Gateway
Vnic1IPv6Gateway
Vnic2IPv6Gateway
|
IPv6 address of the vNIC gateway.
|
DNS servers |
DNSSEC |
Options are False, True, or Allow-Downgrade.
The default value is False.
Select True to use DNS security extensions.
|
|
DNSTLS |
Options are False, True, and Opportunistic.
The default value is False.
Select True to use DNS over TLS.
|
|
mDNS |
Options are False, True, and Resolve. Select True to use multicast DNS.
The default value is False.
|
If you choose Resolve, only resolution support is enabled. Responding is disabled.
|
LLMNR |
Options are False, True, Opportunistic, or Resolve.
The default value is False.
|
If you choose Resolve, only resolution support is enabled. Responding is disabled.
Select True to use link-local multicast name resolution.
|
NTPv4 servers |
NTPAuth |
Select True to use NTPv4 authentication.
The default value is False.
|
|
NTPKey |
Key IDs to map to the server list. Enter a space-delimited list of Key IDs.
|
|
NTPKeyFile |
SCP URI to the chrony key file.
|
|
NTPKeyFilePwd |
Password of SCP URI to the chrony key file.
|
|
Remote syslog server |
UseRemoteSyslog |
Options are True and False. Select True to send Syslog messages to a remote host. The default value is False.
|
Configuring an external syslog server sends service events (CLI/MDT/SNMP/gNMI) to the external syslog server. Otherwise,
they are logged only to the Crosswork Data Gateway VM.
If you want to use an external syslog server, specify the following settings:
- Use Remote Syslog Server
- Syslog Server Address
- Syslog Server Port
- Syslog Server Protocol
|
SyslogAddress
|
Hostname, IPv4, or IPv6 address of a syslog server accessible in the management interface.
|
SyslogPort |
Port number of the syslog server.
The default port number is 514.
|
SyslogProtocol |
Options are UDP, RELP, or TCP to send the syslog.
The default value is UDP.
|
SyslogMultiserverMode
|
Multiple servers in the failover or simultaneous mode. This parameter is applicable only when the protocol is set to a non-UDP
value. UDP must use the simultaneous mode.
Options are Simultaneous or Failover.
The default value is Simultaneous.
|
SyslogTLS |
Select True to use TLS to encrypt syslog traffic.
The default value is False.
|
SyslogPeerName |
Syslog server hostname exactly as entered in the server certificate SubjectAltName or subject common name.
|
SyslogCertChain
|
PEM formatted root cert of syslog server retrieved using SCP.
The host with the URI files must be reachable on the network (from vNIC0 interface via SCP) and the files must be present
at the time of install.
|
SyslogCertChainPwd
|
Password of SCP user to retrieve Syslog certificate chain.
|
Remote auditd server |
UseRemoteAuditd |
Options are True and False. The default value is False. Select True to send auditd messages to a remote host.
|
If desired, you can configure an external Auditd server. Crosswork Data Gateway sends audit notifications to the Auditd server
when it is configured and present on the network.
Specify these three settings to use an external Auditd server.
|
AuditdAddress |
Hostname, IPv4, or IPv6 address of an optional Auditd server.
|
AuditdPort |
Port number of an optional Auditd server.
The default port is 60.
|
Controller and proxy settings |
ControllerIP |
The Virtual IP address or the hostname of the Cisco Crosswork cluster.
Note
|
If you are using an IPv6 address, it must be surrounded by square brackets ([1::1]).
|
If geo redundancy is enabled, use the unified endpoint. For more information, see Unified Endpoint Requirements.
|
This is required so that the Data Gateway can enroll with the Crosswork server during the installation and initial start up.
Excluding this step requires you to manually ingest the certificate. For more information, see Import Controller Signing Certificate File.
|
ControllerPort |
Port of the Cisco Crosswork controller.
The default port is 30607.
|
|
ControllerSignCertChain |
PEM formatted root cert of Cisco Crosswork to validate signing certs retrieved using SCP. Cisco Crosswork generates the PEM file and is available at the following location:
cw-admin@<Crosswork_VM_Management_VIP_Address>:/home/cw-admin/controller.pem
Note
|
If you are using an IPv6 address, it must be surrounded by square brackets ([1::1]).
|
|
Crosswork Data Gateway requires the Controller Signing Certificate File to enroll automatically with Cisco Crosswork.
If you specify these parameters during the installation, the certificate file is imported once Data Gateway boots up for the
first time.
If you do not specify these parameters during installation, then import the certificate file manually by following the procedure
Import Controller Signing Certificate File.
|
ControllerTlsCertChain |
Cisco Crosswork Controller PEM formatted SSL/TLS certificate file retrieved using SCP.
|
|
ControllerCertChainPwd |
Password of SCP user (cw-admin) to retrieve Cisco Crosswork certificate chain.
|
|
ProxyURL
|
URL of the HTTP proxy server.
|
The proxy parameters apply to the Crosswork Data Gateway cloud deployment.
The Data Gateway must connect to the Internet via TLS, and a proxy server may be required if it is not present in your environment.
If you want to use a proxy server, specify these parameters.
|
ProxyBypass |
Comma-delimited list of addresses and hostnames that will not use the proxy server.
|
ProxyUsername |
Username for authenticated proxy servers.
|
ProxyPassphrase |
Passphrase for authenticated proxy servers.
|
ProxyCertChain |
HTTPS proxy PEM formatted SSL/TLS certificate file retrieved using SCP.
|
ProxyCertChainPwd |
Password of SCP user to retrieve proxy certificate chain.
|
Geo redundancy settings |
az_id |
The physical location of Availability Zone 1 and 2.
|
|
region_id |
The physical location of the Data Gateway VM.
|
|
site_location |
The location of the primary and second Crosswork sites.
During enrollment, Crosswork sends this value to cdg-manager to preset the cluster affiliation of the instance.
|
|
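A pre-deployment check for the constraints this table states (password length, listed option values, UDP syslog mode, bracketed IPv6 in ControllerIP, fields required for a Static IPv4 vNIC), plus a report of security-related options still at their default of False. This is an added example, not Cisco code; the dict-of-strings input format, the `check_params` function, and the sample values are assumptions made for illustration.

```python
import ipaddress

# Option lists and defaults copied from the table; the dict input format is an assumption.
OPTIONS = {
    "DNSSEC": {"False", "True", "Allow-Downgrade"},
    "DNSTLS": {"False", "True", "Opportunistic"},
    "SyslogProtocol": {"UDP", "RELP", "TCP"},
    "SyslogMultiserverMode": {"Simultaneous", "Failover"},
}
TOGGLES = ("DNSSEC", "DNSTLS", "NTPAuth", "UseRemoteSyslog", "SyslogTLS",
           "UseRemoteAuditd")  # security-related, all default to False
DEFAULTS = {**dict.fromkeys(TOGGLES, "False"), "SyslogProtocol": "UDP",
            "SyslogMultiserverMode": "Simultaneous"}

# Constructed sample input (not a real deployment).
SAMPLE = {
    "dg-adminPassword": "short", "dg-operPassword": "longer-example-1",
    "ControllerIP": "2001:db8::10", "DNSSEC": "True",
    "SyslogProtocol": "UDP", "SyslogMultiserverMode": "Failover",
    "Vnic0IPv4Method": "Static", "Vnic0IPv4Address": "192.0.2.10",
    "Vnic0IPv4Netmask": "255.255.255.0",
}

def check_params(params):
    """Return (errors, notes) for a dict of parameter name -> string value."""
    p = {**DEFAULTS, **params}
    errors = []
    for name in ("dg-adminPassword", "dg-operPassword"):
        if not 8 <= len(p.get(name, "")) <= 64:
            errors.append(f"{name}: must be 8-64 characters")
    for name, allowed in OPTIONS.items():
        if p[name] not in allowed:
            errors.append(f"{name}: {p[name]!r} is not a listed option")
    if p["SyslogProtocol"] == "UDP" and p["SyslogMultiserverMode"] != "Simultaneous":
        errors.append("SyslogMultiserverMode: UDP must use Simultaneous")
    try:  # only a bare IP literal parses; hostnames and [..] forms raise
        if ipaddress.ip_address(p.get("ControllerIP", "")).version == 6:
            errors.append("ControllerIP: IPv6 address needs square brackets")
    except ValueError:
        pass
    for n in range(3):  # Static IPv4 needs address, netmask and a gateway
        if p.get(f"Vnic{n}IPv4Method", "None").lower() != "static":
            continue
        skip = p.get(f"Vnic{n}IPv4SkipGateway", "False").lower() == "true"
        for field in ("Address", "Netmask") + (() if skip else ("Gateway",)):
            if not p.get(f"Vnic{n}IPv4{field}"):
                errors.append(f"Vnic{n}IPv4{field}: required for Static")
    notes = [f"{t} left at default False" for t in TOGGLES if p[t] == "False"]
    return errors, notes
```

Calling `check_params(SAMPLE)` returns four errors and five notes; the notes list is a review aid for deciding which of DNSSEC, DNS over TLS, NTP authentication, remote syslog, syslog TLS and remote auditd should be enabled before deployment.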